Fixing Some Levels, Upgrading Libraries, Enhancement to Tomcat and ve…

…rifying fixes (#638) * publish to OWASP DockerHub * update readme to point to owasp shepherd * closes issue #620 * closes issue #622 * closes issue #624 * removing unused import * fixing linting issue * fixing some weirdness when running on docker where key doesn't get displayed properly * Bump fongo from 2.0.6 to 2.1.1 Bumps [fongo](https://github.com/fakemongo/fongo) from 2.0.6 to 2.1.1. - [Release notes](https://github.com/fakemongo/fongo/releases) - [Changelog](https://github.com/fakemongo/fongo/blob/master/CHANGELOG) - [Commits](fakemongo/fongo@fongo-2.0.6...fongo-2.1.1) --- updated-dependencies: - dependency-name: com.github.fakemongo:fongo dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump argon2-jvm from 2.2 to 2.11 Bumps [argon2-jvm](https://github.com/phxql/argon2-jvm) from 2.2 to 2.11. - [Release notes](https://github.com/phxql/argon2-jvm/releases) - [Changelog](https://github.com/phxql/argon2-jvm/blob/master/CHANGELOG.md) - [Commits](phxql/argon2-jvm@v2.2...v2.11) --- updated-dependencies: - dependency-name: de.mkammerer:argon2-jvm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-context from 5.1.1.RELEASE to 5.3.19 Bumps [spring-context](https://github.com/spring-projects/spring-framework) from 5.1.1.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.1.1.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-context dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-web from 5.3.16 to 5.3.19 Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 5.3.16 to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.16...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump encoder from 1.2.1 to 1.2.3 Bumps [encoder](https://github.com/owasp/owasp-java-encoder) from 1.2.1 to 1.2.3. - [Release notes](https://github.com/owasp/owasp-java-encoder/releases) - [Commits](OWASP/owasp-java-encoder@v1.2.1...v1.2.3) --- updated-dependencies: - dependency-name: org.owasp.encoder:encoder dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump junit-jupiter-engine from 5.0.1 to 5.8.2 Bumps [junit-jupiter-engine](https://github.com/junit-team/junit5) from 5.0.1 to 5.8.2. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](junit-team/junit5@r5.0.1...r5.8.2) --- updated-dependencies: - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mongo-java-driver from 3.4.1 to 3.12.10 Bumps [mongo-java-driver](https://github.com/mongodb/mongo-java-driver) from 3.4.1 to 3.12.10. - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r3.4.1...r3.12.10) --- updated-dependencies: - dependency-name: org.mongodb:mongo-java-driver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fixing issue where csrf two and three crossover * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.3.3 Bumps spring-data-mongodb from 2.1.1.RELEASE to 3.3.3. --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump maven-compiler-plugin from 3.8.1 to 3.10.1 Bumps [maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.8.1 to 3.10.1. - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.8.1...maven-compiler-plugin-3.10.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Conforming to the way xxe challenge 1 is set up * cheats for xxe levels * fixing lint issue * Bump properties-maven-plugin from 1.0.0 to 1.1.0 Bumps [properties-maven-plugin](https://github.com/mojohaus/properties-maven-plugin) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/mojohaus/properties-maven-plugin/releases) - [Commits](mojohaus/properties-maven-plugin@properties-maven-plugin-1.0.0...properties-maven-plugin-1.1.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:properties-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump json from 20211205 to 20220320 Bumps [json](https://github.com/douglascrockford/JSON-java) from 20211205 to 20220320. - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md) - [Commits](https://github.com/douglascrockford/JSON-java/commits) --- updated-dependencies: - dependency-name: org.json:json dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-test from 5.0.7.RELEASE to 5.3.19 Bumps [spring-test](https://github.com/spring-projects/spring-framework) from 5.0.7.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.7.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-core from 5.0.11.RELEASE to 5.3.19 Bumps [spring-core](https://github.com/spring-projects/spring-framework) from 5.0.11.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.11.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump maven-clean-plugin from 3.1.0 to 3.2.0 Bumps [maven-clean-plugin](https://github.com/apache/maven-clean-plugin) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/apache/maven-clean-plugin/releases) - [Commits](apache/maven-clean-plugin@maven-clean-plugin-3.1.0...maven-clean-plugin-3.2.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-clean-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump build-helper-maven-plugin from 3.0.0 to 3.3.0 Bumps [build-helper-maven-plugin](https://github.com/mojohaus/build-helper-maven-plugin) from 3.0.0 to 3.3.0. - [Release notes](https://github.com/mojohaus/build-helper-maven-plugin/releases) - [Commits](mojohaus/build-helper-maven-plugin@build-helper-maven-plugin-3.0.0...build-helper-maven-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:build-helper-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fixing csrf challenge 2 where id was not displayed and cheat had a typo * marking adjustments to CSRF levels to make them clearer * fixing lint issue * adjusting xxe * fixing lint issue * fixing lint issue * fixing lint issue * fixing lint issue * Revert "adjusting xxe" * fixing lint issue * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.3.4 Bumps spring-data-mongodb from 2.1.1.RELEASE to 3.3.4. --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mockito-core from 4.4.0 to 4.5.1 Bumps [mockito-core](https://github.com/mockito/mockito) from 4.4.0 to 4.5.1. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.4.0...v4.5.1) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mongo-java-driver from 3.12.10 to 3.12.11 Bumps [mongo-java-driver](https://github.com/mongodb/mongo-java-driver) from 3.12.10 to 3.12.11. - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r3.12.10...r3.12.11) --- updated-dependencies: - dependency-name: org.mongodb:mongo-java-driver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Increase maximum header size to allow proxy headers Increase the maxHttpHeaderSize to "65536" to allow oauth proxy headers Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Niemi <spencer.niemi@elastic.co>
OWASP · May 16, 2022 · 14ba710 · 14ba710
1 parent 72f8767
commit 14ba710
Show file tree

Hide file tree

Showing 16 changed files with 114 additions and 112 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -39,7 +39,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@v3
         with:
-          images: ismisepaul/securityshepherd
+          images: owasp/security-shepherd
 
       - name: Set up JDK 1.8
         uses: actions/setup-java@v1

diff --git a/README.md b/README.md
@@ -2,8 +2,7 @@
 # OWASP Security Shepherd [![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-48A646.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Flagship_Projects) 
 The [OWASP Security Shepherd Project](http://bit.ly/owaspSecurityShepherd) is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status.
 
-[![Build and Test](https://github.com/ismisepaul/SecurityShepherd/actions/workflows/test.yml/badge.svg)](https://github.com/ismisepaul/SecurityShepherd/actions/workflows/test.yml)
-
+[![Build and Test](https://github.com/OWASP/SecurityShepherd/actions/workflows/test.yml/badge.svg)](https://github.com/OWASP/SecurityShepherd/actions/workflows/test.yml)  
 # Where can I download Security Shepherd?
 
 ### Virtual Machine or Manual Setup

diff --git a/docker/tomcat/serverxml.patch b/docker/tomcat/serverxml.patch
@@ -25,10 +25,10 @@
          </SSLHostConfig>
      </Connector>
      -->
-+    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
++    <Connector port="8443" protocol="HTTP/1.1" maxHttpHeaderSize="65536" SSLEnabled="true"
 +          maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
 +          keystoreFile="conf/TLS_KEYSTORE_FILE" keystorePass="TLS_KEYSTORE_PASS" keyAlias="ALIAS">
 +    </Connector>
 
      <!-- Define an AJP 1.3 Connector on port 8009 -->
-     <!--
+     <!--
diff --git a/pom.xml b/pom.xml
@@ -24,7 +24,7 @@
 		<dependency>
 			<groupId>de.mkammerer</groupId>
 			<artifactId>argon2-jvm</artifactId>
-			<version>2.2</version>
+			<version>2.11</version>
     	</dependency>
 		<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core -->
 		<dependency>
@@ -36,7 +36,7 @@
 		<dependency>
 			<groupId>org.json</groupId>
 			<artifactId>json</artifactId>
-			<version>20211205</version>
+			<version>20220320</version>
 		</dependency>
 		<!-- https://mvnrepository.com/artifact/com.googlecode.json-simple/json-simple -->
 		<dependency>
@@ -79,7 +79,7 @@
 		<dependency>
 			<groupId>org.mongodb</groupId>
 			<artifactId>mongo-java-driver</artifactId>
-			<version>3.4.1</version>
+			<version>3.12.11</version>
 		</dependency>
 		<dependency>
 			<groupId>javax</groupId>
@@ -111,7 +111,7 @@
 		<dependency>
 			<groupId>org.owasp.encoder</groupId>
 			<artifactId>encoder</artifactId>
-			<version>1.2.1</version>
+			<version>1.2.3</version>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
@@ -125,23 +125,23 @@
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-web</artifactId>
-			<version>5.3.16</version>
+			<version>5.3.19</version>
 			<scope>test</scope>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/org.springframework/spring-test -->
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-test</artifactId>
-			<version>5.0.7.RELEASE</version>
+			<version>5.3.19</version>
 			<scope>test</scope>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/org.springframework/spring-core -->
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-core</artifactId>
-			<version>5.0.11.RELEASE</version>
+			<version>5.3.19</version>
 			<scope>test</scope>
 		</dependency>
 
@@ -156,22 +156,22 @@
 		<dependency>
 			<groupId>com.github.fakemongo</groupId>
 			<artifactId>fongo</artifactId>
-			<version>2.0.6</version>
+			<version>2.1.1</version>
 			<scope>test</scope>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/org.springframework/spring-context -->
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-context</artifactId>
-			<version>5.1.1.RELEASE</version>
+			<version>5.3.19</version>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/org.springframework.data/spring-data-mongodb -->
 		<dependency>
 			<groupId>org.springframework.data</groupId>
 			<artifactId>spring-data-mongodb</artifactId>
-			<version>2.1.1.RELEASE</version>
+			<version>3.3.4</version>
 		</dependency>
 
 		<!-- Test -->
@@ -185,7 +185,7 @@
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
 			<artifactId>junit-jupiter-engine</artifactId>
-			<version>5.0.1</version>
+			<version>5.8.2</version>
 			<scope>test</scope>
 		</dependency>
 
@@ -201,7 +201,7 @@
 		<dependency>
 			<groupId>org.mockito</groupId>
 			<artifactId>mockito-core</artifactId>
-			<version>4.4.0</version>
+			<version>4.5.1</version>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/io.github.cdimascio/java-dotenv -->
@@ -220,7 +220,7 @@
 				<plugins>
 					<plugin>
 						<artifactId>maven-clean-plugin</artifactId>
-						<version>3.1.0</version>
+						<version>3.2.0</version>
 						<configuration>
 							<filesets>
 								<fileset>
@@ -392,7 +392,7 @@
 			<plugin>
 				<groupId>org.codehaus.mojo</groupId>
 				<artifactId>properties-maven-plugin</artifactId>
-				<version>1.0.0</version>
+				<version>1.1.0</version>
 				<executions>
 					<execution>
 						<phase>initialize</phase>
@@ -409,7 +409,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.8.1</version>
+				<version>3.10.1</version>
 				<configuration>
 					<source>1.8</source>
 					<target>1.8</target>
@@ -485,7 +485,7 @@
 			<plugin>
 				<groupId>org.codehaus.mojo</groupId>
 				<artifactId>build-helper-maven-plugin</artifactId>
-				<version>3.0.0</version>
+				<version>3.3.0</version>
 				<executions>
 					<execution>
 						<id>add-test-source</id>

diff --git a/src/main/java/servlets/module/challenge/CsrfChallengeSeven.java b/src/main/java/servlets/module/challenge/CsrfChallengeSeven.java
@@ -47,8 +47,6 @@ public class CsrfChallengeSeven extends HttpServlet {
    * Allows users to set their CSRF attack string to complete this module. They should be using this
    * to force users to visit their own pages that forces the victim to submit a post request to the
    * CSRFChallengeTargetSeven
-   *
-   * @param myMessage To Be stored as the users message for this module
    */
   public void doPost(HttpServletRequest request, HttpServletResponse response)
       throws ServletException, IOException {
@@ -73,8 +71,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
             ses.getAttribute("userName").toString());
         log.debug(levelName + " servlet accessed by: " + ses.getAttribute("userName").toString());
         Cookie tokenCookie = Validate.getToken(request.getCookies());
-        Object tokenParmeter = request.getParameter("csrfToken");
-        if (Validate.validateTokens(tokenCookie, tokenParmeter)) {
+        Object tokenParameter = request.getParameter("csrfToken");
+        if (Validate.validateTokens(tokenCookie, tokenParameter)) {
           String myMessage = request.getParameter("myMessage");
           log.debug("User Submitted - " + myMessage);
           myMessage = Validate.makeValidUrl(myMessage);

diff --git a/src/main/java/servlets/module/challenge/CsrfChallengeSevenGetToken.java b/src/main/java/servlets/module/challenge/CsrfChallengeSevenGetToken.java
@@ -90,7 +90,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
           int i = 0;
           while (rs.next()) {
             i++;
-            htmlOutput += Encode.forHtml("\"" + rs.getString(1) + "\"") + " <br/>";
+            htmlOutput += Encode.forHtml(rs.getString(1)) + " <br/>";
           }
           log.debug("Returned " + i + " CSRF Tokens for ID: " + userId);
           conn.close();

diff --git a/src/main/java/servlets/module/challenge/DirectObjectBankCurrentBalance.java b/src/main/java/servlets/module/challenge/DirectObjectBankCurrentBalance.java
@@ -71,10 +71,10 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
         log.debug("Account Number - " + accountNumber);
         String applicationRoot = getServletContext().getRealPath("");
         String htmlOutput = new String();
-        float currentBalance =
+        long currentBalance =
             DirectObjectBankLogin.getAccountBalance(accountNumber, applicationRoot);
         log.debug("Outputting HTML");
-        htmlOutput = Float.toString(currentBalance);
+        htmlOutput = Long.toString(currentBalance);
         out.write(htmlOutput);
       } catch (SQLException e) {
         out.write(

diff --git a/src/main/java/servlets/module/challenge/DirectObjectBankLogin.java b/src/main/java/servlets/module/challenge/DirectObjectBankLogin.java
@@ -141,7 +141,7 @@ public static String bankForm(
       ResourceBundle errors)
       throws SQLException {
 
-    float currentBalance = getAccountBalance(accountNumber, applicationRoot);
+    long currentBalance = getAccountBalance(accountNumber, applicationRoot);
     String bankForm =
         "<h2 class='title'>"
             + bundle.getString("bankForm.yourAccount")
@@ -161,9 +161,8 @@ public static String bankForm(
               + "<br><br>"
               + ""
               + bundle.getString("result.theKeyIs")
-              + " <a>"
-              + Hash.generateUserSolution(levelResult, (String) ses.getAttribute("userName"))
-              + "</a>";
+              + ""
+              + Hash.generateUserSolution(levelResult, (String) ses.getAttribute("userName"));
     }
     bankForm +=
         ""
@@ -233,7 +232,7 @@ public static String bankForm(String accountNumber, String applicationRoot, Http
     ResourceBundle bundle =
         ResourceBundle.getBundle("i18n.servlets.challenges.directObject.directObjectBank", locale);
 
-    float currentBalance = getAccountBalance(accountNumber, applicationRoot);
+    long currentBalance = getAccountBalance(accountNumber, applicationRoot);
     String bankForm =
         "<h2 class='title'>"
             + bundle.getString("bankForm.yourAccount")
@@ -317,18 +316,18 @@ public static String bankForm(String accountNumber, String applicationRoot, Http
    * @return Returns a Float Value representing the balance
    * @throws SQLException If no rows found or if SQL error occurs
    */
-  public static float getAccountBalance(String accountNumber, String applicationRoot)
+  public static long getAccountBalance(String accountNumber, String applicationRoot)
       throws SQLException {
     Connection conn = Database.getChallengeConnection(applicationRoot, "directObjectBank");
     CallableStatement callstmt;
-    float toReturn = 0;
+    long toReturn = 0;
     try {
 
       callstmt = conn.prepareCall("CALL currentFunds(?)");
       callstmt.setString(1, accountNumber);
       ResultSet rs = callstmt.executeQuery();
       if (rs.next()) {
-        toReturn = rs.getFloat(1);
+        toReturn = rs.getLong(1);
       } else {
         throw new SQLException("Could not Get Funds. No Rows Found From Query");
       }

diff --git a/src/main/java/servlets/module/challenge/DirectObjectBankTransfer.java b/src/main/java/servlets/module/challenge/DirectObjectBankTransfer.java
@@ -85,12 +85,12 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
         // Positive Transfer Amount?
         if (tranferAmount > 0) {
           // Sender Account Has necessary funds?
-          float senderFunds =
+          long senderFunds =
               DirectObjectBankLogin.getAccountBalance(senderAccountNumber, applicationRoot);
           if ((senderFunds - tranferAmount) > 0) {
             // Check Receiver Account Exists
             try {
-              float recieverAccountBalanace =
+              long recieverAccountBalanace =
                   DirectObjectBankLogin.getAccountBalance(recieverAccountNumber, applicationRoot);
               if (recieverAccountBalanace >= 0) {
                 performTransfer = true;