Merge pull request #2499 from OWASP/quicchallenge63fixes

commjoen · web-flow · commit e00abb45d039 · 2026-04-18T07:20:12.000+02:00
fixes to challenge63
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge63.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge63.java
@@ -1,4 +1,4 @@
-package org.owasp.wrongsecrets.challenges.docker.challenge63;
+package org.owasp.wrongsecrets.challenges.docker;
 
 import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
 
@@ -9,9 +9,7 @@
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import lombok.extern.slf4j.Slf4j;
-import com.google.common.base.Strings;
-import org.owasp.wrongsecrets.challenges.Challenge;
-import org.owasp.wrongsecrets.challenges.Spoiler;
+import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge;
 import org.springframework.stereotype.Component;
 
 /**
@@ -21,38 +19,18 @@
  */
 @SuppressWarnings("java:S5542")
 @SuppressFBWarnings(
-  value = {"CIPHER_INTEGRITY", "PADDING_ORACLE"},
+    value = {"CIPHER_INTEGRITY", "PADDING_ORACLE"},
     justification = "Challenge intentionally demonstrates hardcoded key/IV and CBC weaknesses")
 @Slf4j
 @Component
-public class Challenge63 implements Challenge {
+public class Challenge63 extends FixedAnswerChallenge {
 
   private static final String HARDCODED_KEY = "SuperSecretKey12";
   private static final String HARDCODED_IV = "InitVector123456";
   private static final String CIPHERTEXT = "TDPwOvcLsbCWV5erlk6OHFnlFoXNtdQOt2JQeq+i4Ho=";
-  private String result;
-
-  public Challenge63() {
-    // explicit constructor required
-  }
 
   @Override
-  public Spoiler spoiler() {
-    if (Strings.isNullOrEmpty(result)) {
-      result = getAnswer();
-    }
-    return new Spoiler(result);
-  }
-
-  @Override
-  public boolean answerCorrect(String answer) {
-    if (Strings.isNullOrEmpty(result)) {
-      result = getAnswer();
-    }
-    return result.equals(answer);
-  }
-
-  private String getAnswer() {
+  public String getAnswer() {
     try {
       byte[] keyBytes = HARDCODED_KEY.getBytes(StandardCharsets.UTF_8);
       byte[] ivBytes = HARDCODED_IV.getBytes(StandardCharsets.UTF_8);
diff --git a/src/main/resources/explanations/challenge63.adoc b/src/main/resources/explanations/challenge63.adoc
@@ -17,4 +17,3 @@ echo "TDPwOvcLsbCWV5erlk6OHFnlFoXNtdQOt2JQeq+i4Ho=" | openssl enc -d -aes-128-cb
   -iv $(echo -n "InitVector123456" | xxd -p) \
   -base64
 ----
-
diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge63Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge63Test.java
@@ -1,18 +1,16 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
-import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
-import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import org.junit.jupiter.api.Test;
-import org.owasp.wrongsecrets.challenges.docker.challenge63.Challenge63;
+import org.owasp.wrongsecrets.Challenges.ErrorResponses;
 
 class Challenge63Test {
 
   @Test
   void testAnswerIsCorrect() {
-    Challenege63 challenge = new Challenge63();
+    Challenge63 challenge = new Challenge63();
     assertTrue(challenge.answerCorrect(challenge.getAnswer()));
     assertFalse(challenge.answerCorrect(ErrorResponses.DECRYPTION_ERROR));
   }
@@ -22,5 +20,4 @@ void testWrongAnswerIsRejected() {
     Challenge63 challenge = new Challenge63();
     assertFalse(challenge.answerCorrect("wronganswer"));
   }
-
 }

-Original file line number
+Diff line change
   -iv $(echo -n "InitVector123456" | xxd -p) \
   -base64
 ----
+-