Merge branch 'master' into issue-2357-upgrade-k8s-1.35

Author: commjoen

.github/scripts/.bash_history

@@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb
 git rebase -i main
 git rebase -i master
 git stash
-export tempPassword="8S2PzZ7da3Jx9geda6JOqqfYlSDYzM7QbpUGyxM9umw="
+export tempPassword="yyi9i5aAs4kifnlX6j7o81GTMC10jIBLxR2F5a8nClU="
 mvn run tempPassword
 k6
 npx k6

.github/scripts/docker-create.sh

@@ -354,12 +354,51 @@ build_update_pom() {
     cd ../.. && ./mvnw clean && ./mvnw --batch-mode release:update-versions -DdevelopmentVersion=${tag}-SNAPSHOT && ./mvnw spotless:apply && ./mvnw install -DskipTests
     cd .github/scripts
     echo "Removing unnecessary binaries from the jar file"
+    # macOS / non-Linux binaries (never used in the Alpine Docker container)
     zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-golang
     zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-golang-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-c
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-c-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-advanced-c
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-advanced-c-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-advanced-c-arm-stripped
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-advanced-c-stripped
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-cplus
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-cplus-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-challenge52-c
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-challenge52-c-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-challenge53-c
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-challenge53-c-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-rust
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-rust-arm
     zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-dotnet
     zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-dotnet-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-swift
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-swift-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-swift-ctf
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-swift-arm-ctf
+    # Linux glibc (non-musl) binaries (Alpine uses musl; golang uses glibc linux binary intentionally)
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-c-linux
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-c-linux-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-advanced-c-linux
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-advanced-c-linux-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-advanced-c-linux-arm-stripped
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-advanced-c-linux-stripped
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-cplus-linux
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-cplus-linux-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-challenge52-c-linux
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-challenge52-c-linux-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-challenge53-c-linux
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-challenge53-c-linux-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-rust-linux
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-rust-linux-arm
     zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-dotnet-linux
     zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-dotnet-linux-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-swift-linux
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-swift-linux-arm
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-swift-linux-ctf
+    zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-swift-linux-arm-ctf
+    # Windows binaries
     zip -d ../../target/*.jar BOOT-INF/classes/executables/*.exe
     docker buildx create --name mybuilder
     docker buildx use mybuilder

.github/workflows/link_checker.yml

@@ -18,7 +18,7 @@ jobs:
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@v2.7.0
+        uses: lycheeverse/lychee-action@v2.8.0
         with:
-          args: --exclude-all-private --exclude-path "src/main/resources/templates/about.html" --exclude-path ".lycheeignore" -r 2 './**/*.md' './**/*.html'
+          args: --exclude-all-private --exclude-path "src/main/resources/templates/about.html" --exclude-path ".lycheeignore" --root-dir . -r 2 './**/*.md' './**/*.html'
           fail: true

.gitignore

@@ -82,6 +82,9 @@ src/main/resources/executables/wrongsecrets-dotnet*
 k8s/challenge53/executables/wrongsecrets-challenge53-c
 k8s/challenge53/executables/wrongsecrets-challenge53-c*
 
+# Challenge 62
+challenge62-key.json
+
 # Node JS
 js/node/
 js/node_modules/

.lycheeignore

@@ -33,3 +33,6 @@ https://github.com/topics/secrets-detection
 
 # Helm docs are flaky in CI (connection resets)
 https://helm.sh/docs/intro/install/
+
+# Google Docs require authentication and always return 401 to link checkers
+https://docs.google.com/document/*

.mvn/wrapper/maven-wrapper.properties

@@ -1,2 +1,2 @@
 distributionType=only-script
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.12/apache-maven-3.9.12-bin.zip
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.14/apache-maven-3.9.14-bin.zip

.pre-commit-config.yaml

@@ -13,7 +13,7 @@ repos:
     hooks:
       - id: renovate-config-validator
   - repo: https://github.com/eslint/eslint
-    rev: v9.39.3
+    rev: v9.39.4
     hooks:
       - id: eslint
         args:

CONTRIBUTING.md

@@ -475,7 +475,7 @@ Use this block as refrence for hints:
 ### Step 5: Add challenge configuration.
 
 In this step we configure the challenge to make it known to the application.
-Open `src/main/resources/wrong_secrets_configuration.yaml` and add the following configuration:
+Open `src/main/resources/wrong-secrets-configuration.yaml` and add the following configuration:
 
 ```yaml
     - name: Challenge 28

Dockerfile

@@ -1,7 +1,7 @@
 FROM bellsoft/liberica-openjre-debian:25-cds AS builder
 WORKDIR /builder
 
-ARG argBasedVersion="1.13.1-alpha11"
+ARG argBasedVersion="1.13.2"
 
 COPY --chown=wrongsecrets target/wrongsecrets-${argBasedVersion}-SNAPSHOT.jar application.jar
 RUN java -Djarmode=tools -jar application.jar extract --layers --destination extracted
@@ -19,6 +19,10 @@ ENV DOCKER_ENV_PASSWORD="This is it"
 ENV AZURE_KEY_VAULT_ENABLED=false
 ENV CHALLENGE59_SLACK_WEBHOOK_URL=$challenge59_webhook_url
 ENV WRONGSECRETS_MCP_SECRET=MCPStolenSecret42!
+ARG GOOGLE_SERVICE_ACCOUNT_KEY="if_you_see_this_configure_the_google_service_account_properly"
+ARG GOOGLE_DRIVE_DOCUMENT_ID="1PlZkwEd7GouyY4cdOxBuczm6XumQeuZN31LR2BXRgPs"
+ENV GOOGLE_SERVICE_ACCOUNT_KEY=$GOOGLE_SERVICE_ACCOUNT_KEY
+ENV GOOGLE_DRIVE_DOCUMENT_ID=$GOOGLE_DRIVE_DOCUMENT_ID
 ENV SPRINGDOC_UI=false
 ENV SPRINGDOC_DOC=false
 ENV BASTIONHOSTPATH="/home/wrongsecrets/.ssh"
@@ -41,6 +45,7 @@ COPY --chown=wrongsecrets .github/scripts/ /var/tmp/helpers
 COPY --chown=wrongsecrets .github/scripts/.bash_history /home/wrongsecrets/
 COPY --chown=wrongsecrets src/main/resources/executables/wrongsecrets*linux-musl* /home/wrongsecrets/
 COPY --chown=wrongsecrets src/main/resources/executables/wrongsecrets-golang-linux /home/wrongsecrets/
+COPY --chown=wrongsecrets src/main/resources/executables/wrongsecrets-golang-linux-arm /home/wrongsecrets/
 COPY --chown=wrongsecrets src/test/resources/alibabacreds.kdbx /var/tmp/helpers
 COPY --chown=wrongsecrets src/test/resources/RSAprivatekey.pem /var/tmp/helpers/
 COPY --chown=wrongsecrets .ssh/ /home/wrongsecrets/.ssh/

Dockerfile.web

@@ -1,5 +1,5 @@
-FROM jeroenwillemsen/wrongsecrets:1.13.1-alpha11-no-vault
-ARG argBasedVersion="1.13.1-alpha11-no-vault"
+FROM jeroenwillemsen/wrongsecrets:1.13.2-no-vault
+ARG argBasedVersion="1.13.2-no-vault"
 ARG spring_profile="without-vault"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
 ARG CTF_ENABLED=false
@@ -39,6 +39,10 @@ ENV default_aws_value_challenge_11=$CHALLENGE_11_VALUE
 ENV BASTIONHOSTPATH="/home/wrongsecrets/.ssh"
 ENV PROJECTSPECPATH="/var/helpers/project-specification.mdc"
 ENV funnybunny="This is a funny bunny"
+ARG GOOGLE_SERVICE_ACCOUNT_KEY="if_you_see_this_configure_the_google_service_account_properly"
+ARG GOOGLE_DRIVE_DOCUMENT_ID="1PlZkwEd7GouyY4cdOxBuczm6XumQeuZN31LR2BXRgPs"
+ENV GOOGLE_SERVICE_ACCOUNT_KEY=$GOOGLE_SERVICE_ACCOUNT_KEY
+ENV GOOGLE_DRIVE_DOCUMENT_ID=$GOOGLE_DRIVE_DOCUMENT_ID
 # Keep memory usage within Heroku dyno limits (512MB dyno).
 # Hard cap heap to 250M, metaspace to 60M, disable expensive GC, exit on OOM immediately.
 ENV JAVA_TOOL_OPTIONS="-Xmx250M -Xms128M -XX:MetaspaceSize=40M -XX:MaxMetaspaceSize=60M -XX:CompressedClassSpaceSize=32M -XX:+UseG1GC -XX:MaxGCPauseMillis=50 -XX:+ExitOnOutOfMemoryError -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp/heapdump.hprof"