Bugfix for 1.3.12

Author: commjoen

.github/scripts/secondkey.txt

@@ -0,0 +1 @@
+6i6wsYk=9CGeo6D3o=2/I617

.gitignore

@@ -60,6 +60,9 @@ azure/k8s/pod-id.yml
 # Challenge 12 ;-)
 .github/scripts/yourkey.txt
 
+# Challenge 16
+.github/scripts/secondkey.txt
+
 # Node JS
 js/node/
 js/node_modules/

Dockerfile.web

@@ -1,6 +1,6 @@
-FROM jeroenwillemsen/wrongsecrets:1.3.12-no-vault
+FROM jeroenwillemsen/wrongsecrets:1.3.12c-no-vault
 
-ARG argBasedVersion="1.3.12"
+ARG argBasedVersion="1.3.12c"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
 ENV APP_VERSION=$argBasedVersion
 ENV K8S_ENV=Heroku(Docker)

README.md

@@ -25,7 +25,7 @@ For the basic docker exercises you currently require:
 You can install it by doing:
 
 ```bash
-docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.3.12-no-vault
+docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.3.12c-no-vault
 ```
 
 Now you can try to find the secrets by means of solving the challenge offered at:

aws/k8s/secret-challenge-vault-deployment.yml

@@ -37,7 +37,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-aws-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.3.12-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.3.12c-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

azure/k8s/secret-challenge-vault-deployment.yml.tpl

@@ -35,7 +35,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "azure-wrongsecrets-vault"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.3.12-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.3.12c-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

k8s/secret-challenge-deployment.yml

@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.3.12-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.3.12c-no-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

k8s/secret-challenge-vault-deployment.yml

@@ -30,7 +30,7 @@ spec:
         runAsNonRoot: true
       serviceAccountName: vault
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.3.12-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.3.12c-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

pom.xml

@@ -9,7 +9,7 @@
     </parent>
     <groupId>org.owasp</groupId>
     <artifactId>wrongsecrets</artifactId>
-    <version>1.3.12-SNAPSHOT</version>
+    <version>1.3.12c-SNAPSHOT</version>
     <name>OWASP WrongSecrets</name>
     <description>Examples with how to not use secrets</description>
     <url>https://owasp.org/www-project-wrongsecrets/</url>

src/main/resources/application.properties

@@ -48,7 +48,6 @@ spring.cloud.vault.kubernetes.kubernetes-path=kubernetes
 spring.cloud.vault.kubernetes.service-account-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token
 #---
 spring.config.activate.on-profile=local-vault
-challengedockermtpath=./
 wrongsecretvalue=wrongsecret
 spring.config.import=vault://secret/secret-challenge
 spring.application.name=secret-challenge
@@ -60,7 +59,6 @@ spring.cloud.vault.authentication=TOKEN
 spring.cloud.vault.token=00000000-0000-0000-0000-000000000000
 #---
 spring.config.activate.on-profile=without-vault
-challengedockermtpath=./
 wrongsecretvalue=wrongsecret
 spring.cloud.vault.enabled=false
 asciidoctor.enabled=true